OpenClaw went from booming to crashing in just 45 days
Sudden fall from darling to disaster
OpenClaw — the open-source autonomous agent framework nicknamed “龙虾” by Chinese users — enjoyed a meteoric surge in attention and adoption, and then, in roughly 45 days, faced a sharp reputational collapse. What changed so fast? Users and security teams began complaining loudly about runaway API costs and severe safety holes. It has been reported that a wave of “lobster concept” stocks tumbled in sympathy, a market signal that investors saw real downside to the hype.
Why it burned tokens and trust
The technical root is straightforward: OpenClaw is not a single-turn chatbot. It performs goal decomposition, multi-step reasoning, tool calls and state checks automatically — and it carries a full memory and configuration context into each run. Engineers estimate, and reports confirm, that an active OpenClaw session can balloon to 200,000 tokens or more as system prompts, tool manifests, identities and history are concatenated; the result is API bills that can spike overnight. Reportedly some misconfigured automation tasks have burned hundreds of dollars a day in cloud fees, and thousands of ordinary users complained the system was effectively a “money-eating beast.”
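The cost mechanism described above is easy to model. The following is an added illustration, not OpenClaw's own code or anything measured from it: every step of an agent loop resends the fixed context (system prompt, tool manifest, identity and memory) plus the whole history, so the tokens billed over a run grow quadratically with the number of steps. The token counts, the `RunAccounting` class and the hypothetical budget gate are all constructed for this example; the mitigation shown (a sliding history window and a hard per-run budget that refuses the step before it is sent) is a generic control, not a feature the page attributes to OpenClaw.

```python
"""Added example (not OpenClaw's code): why an agent run's billed tokens
grow quadratically when the fixed context plus the whole history is resent
every step, and how a history window and a hard budget gate bound it.
All token counts below are constructed, not measured from OpenClaw."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sizes for the context an agent re-sends on every step.
FIXED_CONTEXT_TOKENS = {
    "system_prompt": 1_500,
    "tool_manifest": 6_000,        # schemas for every tool the agent may call
    "identity_and_memory": 4_000,  # persona, user profile, long-term memory
}


class BudgetExceeded(RuntimeError):
    """Raised when the next step would push the run past its token budget."""


@dataclass
class RunAccounting:
    fixed_tokens: int                 # tokens resent verbatim on every step
    budget: int                       # hard cap on tokens billed for the whole run
    window: Optional[int] = None      # keep only the last N steps of history; None keeps all
    history: list = field(default_factory=list)  # tokens added by each past step
    billed: int = 0                   # prompt tokens billed so far

    def prompt_size(self, step_tokens: int) -> int:
        """Size of the prompt that would be sent for a step adding step_tokens."""
        kept = self.history if self.window is None else self.history[-self.window:]
        return self.fixed_tokens + sum(kept) + step_tokens

    def step(self, step_tokens: int) -> int:
        """Bill one step; refuse before sending if it would breach the budget."""
        prompt = self.prompt_size(step_tokens)
        if self.billed + prompt > self.budget:
            raise BudgetExceeded(
                f"step needs {prompt} tokens, only {self.budget - self.billed} left")
        self.history.append(step_tokens)
        self.billed += prompt
        return prompt


def simulate_run(steps: int, step_tokens: int, window: Optional[int] = None):
    """Run `steps` uniform steps with an effectively unlimited budget.
    Returns (tokens in the final prompt, total tokens billed for the run)."""
    acct = RunAccounting(sum(FIXED_CONTEXT_TOKENS.values()), budget=10**12, window=window)
    last = 0
    for _ in range(steps):
        last = acct.step(step_tokens)
    return last, acct.billed


def steps_within_budget(step_tokens: int, budget: int, window: Optional[int] = None,
                        max_steps: int = 1_000) -> int:
    """Number of steps the gate lets through before the budget would be breached."""
    acct = RunAccounting(sum(FIXED_CONTEXT_TOKENS.values()), budget=budget, window=window)
    for done in range(max_steps):
        try:
            acct.step(step_tokens)
        except BudgetExceeded:
            return done
    return max_steps


if __name__ == "__main__":
    for win in (None, 4):
        last, total = simulate_run(steps=40, step_tokens=2_500, window=win)
        print(f"window={win}: final prompt {last:,} tokens, run billed {total:,} tokens")
    print("steps allowed under a 500k-token budget:", steps_within_budget(2_500, 500_000))
```

With these constructed numbers, forty steps of 2,500 tokens each bill about 2.5 million prompt tokens when the whole history is resent, against roughly 935,000 with a four-step window; the budget gate stops the unwindowed run at step fifteen instead of letting it run until the bill arrives.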
Security alarms and real-world exploits
Security worries compounded the financial pain. OpenClaw runs locally with broad privileges — file read/write, script execution, network access — which amplifies risk if defaults are weak. China’s National Internet Emergency Response Center (国家互联网应急中心) issued an urgent advisory about brittle default settings, and the Ministry of Industry and Information Technology’s cybersecurity threat and vulnerability information sharing platform (工信部网络安全威胁和漏洞信息共享平台) followed with mitigation guidance. It has been reported that GitHub Security Lab disclosed dozens of vulnerabilities in early March, ranging from auth bypass to command injection, and Thai CERT reportedly flagged an npm package impersonating an OpenClaw installer that delivered GhostLoader malware and credential theft.
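The privilege point above (an agent with file read/write, script execution and network access, where weak defaults amplify risk) can be made concrete with a deny-by-default gate in front of the agent's tools. The example below is added here and is not OpenClaw code; the tool names (`read_file`, `write_file`, `run_command`, `http_request`), the directory and host names, and the two policies are constructed placeholders. It shows a permissive policy next to a least-privilege one evaluated against the same constructed tool calls, including a lexical `..` escape, a shell wrapper that would defeat a command allowlist, and an unregistered tool.

```python
"""Added example (not OpenClaw's code): a deny-by-default gate in front of an
agent's file, command and network tools, with a permissive policy beside a
least-privilege one. Tool names, paths and hosts are constructed placeholders."""
import posixpath
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# argv[0] values that take a command string and so bypass an argv[0] allowlist.
SHELL_WRAPPERS = {"sh", "bash", "zsh", "cmd", "powershell"}


@dataclass(frozen=True)
class ToolPolicy:
    read_roots: Tuple[str, ...] = ()         # absolute directories readable by the agent
    write_roots: Tuple[str, ...] = ()        # absolute directories writable by the agent
    allowed_commands: Tuple[str, ...] = ()   # argv[0] values the agent may execute
    allowed_hosts: Tuple[str, ...] = ()      # hostnames reachable over HTTPS; "*" = any
    allow_shell: bool = False                # whether shell wrappers may be executed at all


def _under_roots(path: str, roots: Tuple[str, ...]) -> bool:
    """True if the lexically normalised absolute path lies under one of the roots.
    normpath collapses '..' but knows nothing about symlinks; a live deployment must
    also resolve the path on the real filesystem before trusting this answer."""
    norm = posixpath.normpath(path)
    if not posixpath.isabs(norm):
        return False                         # relative paths are ambiguous: deny
    return any(norm == r or norm.startswith(r.rstrip("/") + "/") for r in roots)


def authorize(policy: ToolPolicy, call: Dict) -> bool:
    """Decide one tool call. Anything not explicitly matched below is denied."""
    tool = call.get("tool")
    if tool == "read_file":
        return _under_roots(call.get("path", ""), policy.read_roots)
    if tool == "write_file":
        return _under_roots(call.get("path", ""), policy.write_roots)
    if tool == "run_command":
        argv = call.get("argv") or []
        if not argv:
            return False
        if argv[0] in SHELL_WRAPPERS and not policy.allow_shell:
            return False                     # wrapper would smuggle arbitrary commands
        return argv[0] in policy.allowed_commands
    if tool == "http_request":
        parsed = urlparse(call.get("url", ""))
        if parsed.scheme != "https" or not parsed.hostname:
            return False
        return "*" in policy.allowed_hosts or parsed.hostname in policy.allowed_hosts
    return False                             # unknown tool: deny by default


def audit(policy: ToolPolicy, calls: List[Dict]) -> List[bool]:
    """Evaluate a batch of calls; returns one decision per call, in order."""
    return [authorize(policy, c) for c in calls]


# A "just make it work" default: everything everywhere (constructed, for contrast).
PERMISSIVE_DEFAULT = ToolPolicy(
    read_roots=("/",), write_roots=("/",),
    allowed_commands=("sh", "bash", "python3", "curl", "ls", "wc"),
    allowed_hosts=("*",), allow_shell=True)

# Least privilege for an email-triage agent: one inbox, one drafts folder, two
# read-only commands, one API host (all names constructed).
LEAST_PRIVILEGE = ToolPolicy(
    read_roots=("/srv/agent/inbox",), write_roots=("/srv/agent/drafts",),
    allowed_commands=("ls", "wc"), allowed_hosts=("api.example.com",))

# Constructed tool calls an agent might emit during one run.
SAMPLE_CALLS = [
    {"tool": "read_file", "path": "/srv/agent/inbox/2024-03-01.eml"},
    {"tool": "read_file", "path": "/srv/agent/inbox/../config/secrets.env"},  # '..' escape
    {"tool": "write_file", "path": "/srv/agent/drafts/reply.txt"},
    {"tool": "write_file", "path": "/home/admin/notes.txt"},
    {"tool": "run_command", "argv": ["wc", "-l", "/srv/agent/inbox/2024-03-01.eml"]},
    {"tool": "run_command", "argv": ["sh", "-c", "wc -l /srv/agent/inbox/*"]},
    {"tool": "http_request", "url": "https://api.example.com/v1/reply"},
    {"tool": "http_request", "url": "https://unlisted.example/upload"},
    {"tool": "unregistered_tool"},
]

if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_DEFAULT), ("least-privilege", LEAST_PRIVILEGE)):
        print(name, ["allow" if ok else "DENY" for ok in audit(policy, SAMPLE_CALLS)])
```

Under the permissive policy every listed call goes through except the unregistered tool; under the least-privilege policy the traversal read, the out-of-root write, the shell wrapper and the unlisted host are all refused before any tool runs, which is the kind of default the advisories cited above are asking deployers to adopt.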
What this means for users and regulators
Does OpenClaw matter despite the chaos? Yes — for teams with clear processes it can act like a tireless operator, automating email triage, meeting notes, customer replies and repeatable workflows. But it is no silver bullet for companies that lack strategy: give high privileges to automation and it will magnify flaws. The episode also arrives amid broader global scrutiny of AI security, supply chains and data controls; regulators and enterprises now have fresh reasons to tighten deployment standards, and governments may look at policy levers to manage risk. For now OpenClaw sits in the Gartner “hype bubble”: powerful, immature and risky — useful to experiment with, hazardous to trust blindly.
